aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* kernel: kmod-btmrvl: Add kmod-mmc as dependencyDaniel Engberg2017-09-171-1/+1
| | | | | | | | | This fixes the build of this module and should fix the build bots. Fixes: a5922f6 ("kernel: bluetooth: add marvell sdio bluetooth module") Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> [removed mveub dependency and update commit comment] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* generic: drop 704-phy-no-genphy-soft-reset.patchFlorian Fainelli2017-09-162-42/+0
| | | | | | | | | | | | 4.4.80+ contains 71a165f6397df07a06ce643de5c2dbae29bd3cfb, 4.9.41+ contains 6c78197e4a69c19e61dfe904fdc661b2aee8ec20 which are all backports of upstream commit 0878fff1f42c18e448ab5b8b4f6a3eb32365b5b6 ("net: phy: Do not perform software reset for Generic PHY"). Our local patch is no longer needed, all this patch was doing was utilizing gen10g_soft_reset which does nothing either, so just keep the code unchanged. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* dnsmasq: Pass TARGET_CPPFLAGS to MakefileFlorian Fainelli2017-09-161-1/+1
| | | | | | | | | With the introduction of the ubus notifications, we would now fail building dnsmasq with external toolchains that don't automatically search for headers. Pass TARGET_CPPFLAGS to the Makefile to resolve that. Fixes: 34a206bc1194 ("dnsmasq: add ubus notifications for new leases") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* armvirt: Enable CONFIG_ARM_PMUFlorian Fainelli2017-09-161-0/+1
| | | | | | | We will be prompted with this config symbol when performance monitoring is enabled in the kernel. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* mvebu: WRT3200ACM: add bluetooth moduleHenryk Heisig2017-09-171-1/+1
| | | | Signed-off-by: Henryk Heisig <hyniu@o2.pl>
* kernel: bluetooth: add marvell sdio bluetooth moduleHenryk Heisig2017-09-171-0/+21
| | | | | | | | This commit add support for Marvell bluetooth with SDIO interface. Signed-off-by: Henryk Heisig <hyniu@o2.pl> [Fix KCONFIG and FILES option] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* linux-firmware: update to the commit from 2017-09-06Henryk Heisig2017-09-171-3/+3
| | | | | | | | update firmware mrvl/sd8887_uapsta.bin Signed-off-by: Henryk Heisig <hyniu@o2.pl> [update to version 2017-09-06] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* utils/e2fsprogs: Update to 1.43.6Daniel Engberg2017-09-171-9/+7
| | | | | | | | | | | | Update e2fsprogs to 1.43.6 Disable compilation of fuse2fs (we don't package it) Disable thread support (only affects fuse2fs) Enable linking with libblkid instead of using private (included) version. The libblkid is ~210KBytes in size, but with using the shared library the binaries are ~25KBytes smaller. This also brings it in sync with most other Linux distributions. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* kernel: add packaging for Xeon iTCO watchdog timerPhilip Prindeville2017-09-172-1/+18
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* mwlwifi: update to version 10.3.4.0 / 2017-08-10Kabuli Chana2017-09-171-3/+3
| | | | | | Update mwlwifi Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
* libs/wolfssl: bump to version 3.12.0 ; add myself as maintainerAlexandru Ardelean2017-09-171-3/+4
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: adjust symbol defaults against libwolfssl defaultsAlexandru Ardelean2017-09-171-7/+7
| | | | | | | | Some symbols have been renamed. Some are default enabled/disabled, so we need to adjust semantics against that. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: disable hardening check in `settings.h`Alexandru Ardelean2017-09-171-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This seems to cause a false-positive warning/error while building `libwebsockets-cyassl`. ``` make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1' make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1' [ 2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0, from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33, from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30, from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256, from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43: /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp] #warning "For timing resistance / side-channel attack prevention consider using harden options" ``` Hardening is enabled by default in libwolfssl at build-time. However, the `settings.h` header is exported (along with other headers) for build (via Build/InstallDev). This looks like a small bug/issue with wolfssl. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`Alexandru Ardelean2017-09-176-44/+44
| | | | | | | | | | | | This is to eliminate any ambiguity about the cyassl/wolfssl lib. The rename happened some time ago (~3+ years). As time goes by, people will start to forget cyassl and start to get confused about the wolfSSL vs cyassl thing. It's a good idea to keep up with the times (moving forward). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: add libcysassl to PROVIDES field (for backwards compat)Alexandru Ardelean2017-09-171-0/+1
| | | | | | | | Until other packages from feeds decide to rename the dependency of `+libcyassl` to `+libwolfssl`, this allows for a bit of backwards compatibility with those packages. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* wwan: json format in some modem definitionsAlexandru Ardelean2017-09-16268-349/+349
| | | | | | | | | | | | | | | | | | | | Method used: ``` cd package/network/utils/wwan/files/data sed -e 's/}}/}/g' -i * sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i * sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i * ``` Manually adjusted commas. Validated with ``` for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done ``` Thanks to @lynxis for pointing out the commas. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* tools/e2fsprogs: Update to 1.43.6Daniel Engberg2017-09-164-39/+2
| | | | | | | | | | Update e2fsprogs to 1.43.6 * Remove FreeBSD patch as it's not needed, FreeBSD 9.1 is EoL and this is compiling on FreeBSD 11.1. * Remove libmagic patch, RHEL 5 is EoL (End of Production Phase) since March 31, 2017. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* tools/expat: Update to 2.2.4Daniel Engberg2017-09-161-2/+2
| | | | | | Update (lib)expat to 2.2.4 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* toolchain: gcc: update 7.x to 7.2.0Kevin Darbyshire-Bryant2017-09-1627-75/+282
| | | | | | | | | | | | | | Bump gcc from 7.1 to 7.2 Compile & run tested: ar71xx Trace history of current patches and update with commit ref & comment to give more clue as to why they're still around/needed. Some have changed form since the original commit but some clue is better than no clue at all. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: update 4.4 to 4.4.88Kevin Darbyshire-Bryant2017-09-163-22/+22
| | | | | | | Refresh patches. Compile & run tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* odhcpd: don't enable server mode on non-static lan portKarl Palsson2017-09-162-4/+19
| | | | | | | | | | | | Instead of blindly enabling the odhcpd v6 server and RA server on the lan port, only do that if the lan port protocol is "static" This prevents the unhelpful case of a device being a dhcpv4 client and v6 server on the same ethernet port. Signed-off-by: Karl Palsson <karlp@etactica.com> [PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup] Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: fix used MAC addresses for Phicomm K2PJiawei Wang2017-09-151-1/+1
| | | | | | | | | | | | | | | The factory partition of the Phicomm K2P contains two MAC addresses. The lower MAC address is at offset 0xe006 and the higher one is at offset 0xe000. Use the lower MAC address as base mac-address which the switch driver increments by one for the second (wan) vlan. The MAC addresses are still inverted in contrast to the stock firmware where the lower MAC address is used for wan. But at least the use of a MAC address not intended/reserved for this particular board is fixed. Signed-off-by: Jiawei Wang <me@jwang.link>
* odhcpd: update to git HEAD versionHans Dedecker2017-09-131-3/+3
| | | | | | | | | | | | | | | | f0bce9c dhcpv4: fix memset compile issue 0ba3278 dhcpv4: rework assignment lookup e3b49f3 dhcpv4: cleanup dhcpv4_test usage 47fe122 dhcpv4: rework lease expire handling logic 028ab85 dhcpv4: force renew nonce authentication support a827fca dhcpv4: avoid segfault when there's no IPv4 prefix bea088b ndp: detect ifindex changes via interface netlink events f66103e ubus: display accept reconf status for DHCPv6 assignments f0e354b treewide: replace RELAYD prefix naming in macros 1a313f9 dhcpv4: fix possible segfault when lease is not created e2d6eb4 dhcpv4: dhcpv4: move interface lease list insertion out of dhcpv4_assign Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: fix D240 mini-PCIe power control GPIOsKristian Evensen2017-09-131-3/+14
| | | | | | | | | | | | | | | | In commit b11c51916cb9 ("ramips: Improve Sanlinking D240 config") I made a mistake with regards GPIO numbering. And in addition to specifying the wrong GPIO for controling the power of one of the mini-PCIe, I recently discovered that the power of both slots can be controlled. This patch specifies the correct GPIO for the left-most mini-PCIe slot of the D240 (labeled power_mpcie2 since the slot is attached to SIM2), and adds a GPIO that can be used to control the power of the other mini-PCIe slot (labeled power_mpcie1). Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com> [do not use the gpio active macros for the gpio-export value] Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: add support for TP-Link Archer C20 v1Maxim Anisimov2017-09-138-0/+220
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TP-Link Archer C20 v1 is a router with 5-port FE switch and non-detachable antennas. It's very similiar to TP-Link Archer C50. Also it's based on MediaTek MT7620A+MT7610EN. Specification: - MediaTek MT7620A (580 Mhz) - 64 MB of RAM - 8 MB of FLASH - 2T2R 2.4 GHz and 1T1R 5 GHz - 5x 10/100 Mbps Ethernet - 2x external, non-detachable antennas - UART (J1) header on PCB (115200 8n1) - 8x LED (GPIO-controlled*), 2x button, power input switch - 1 x USB 2.0 port * WAN LED in this devices is a dual-color, dual-leads type which isn't (fully) supported by gpio-leds driver. This type of LED requires both GPIOs state change at the same time to select color or turn it off. For now, we support/use only the blue part of the LED. * MT7610EN ac chip isn't not supported by LEDE. Therefore 5Ghz won't work. Factory image notes: These devices use version 3 of TP-Link header, fortunately without RSA signature (at least in case of devices sold in Europe). The difference lays in the requirement for a non-zero value in "Additional Hardware Version" field. Ideally, it should match the value stored in vendor firmware header on device. We are able to prepare factory firwmare file which is accepted and (almost) correctly flashed from the vendor GUI. As it turned out, it accepts files without U-Boot image with second header at the beginning but due to some kind of bug in upgrade routine, flashed image gets corrupted before it's written to flash. So, to flash this device we must to prepare image using original firmware from tp-link site with uboot. Flash instruction: Until (if at all) TP-Link fixes described problem, the only way to flash LEDE image in these devices is to use tftp recovery mode in U-Boot. There are two ways to flash the device to LEDE: 1) Using tftp mode with UART connection and original LEDE image - Place lede-ramips-mt7620-ArcherC20-squashfs-factory.bin in tftp server directory - Configure PC with static IP 192.168.0.66/24 and tftp server. - Connect PC with one of LAN ports, power up the router and press key "4" to access U-Boot CLI. - Use the following commands to update the device to LEDE: setenv serverip 192.168.0.66 tftp 0x80060000 lede-ramips-mt7620-ArcherC20-squashfs-factory.bin erase tplink 0x20000 0x7a0000 cp.b 0x80060000 0x20000 0x7a0000 reset - After that the device will reboot and boot to LEDE 2) Using tftp mode without UART connection but require some manipulations with target image - Download and unpack TP-Link Archer C20 v1 firmware from original web site - Split uboot.bin from original firmware by this command (example): dd if=Archer_C20v1_0.9.1_4.0_up_boot(160427)_2016-04-27_13.53.59.bin of=uboot.bin bs=512 count=256 skip=1 - Create ArcherC20V1_tp_recovery.bin using this command: cat uboot.bin lede-ramips-mt7620-ArcherC20-squashfs-factory.bin > ArcherC20V1_tp_recovery.bin - Place ArcherC20V1_tp_recovery.bin in tftp server directory. - Configure PC with static IP 192.168.0.66/24 and tftp server. - Connect PC with one of LAN ports, press the reset button, power up the router and keep button pressed for around 6-7 seconds, until device starts downloading the file. - Router will download file from server, write it to flash and reboot. Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
* generic: drop support for get_port_stats() on ar8xxxThibaut VARENE2017-09-133-59/+18
| | | | | | | | | | | | | | | | The implementation is not efficient on ar8xxx switches. It triggers high CPU load and degrades device performance. The high CPU load has been traced down to the ar8xxx_reg_wait() call in ar8xxx_mib_op(), which has to usleep_range() till the MIB busy flag set by the request to update the MIB counter is cleared. This commit removes the get_port_stats() code introduced in 4d8a66d and leaves a note for future hacker's beware. Fixes: FS#1004 Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
* treewide: fix shellscript syntax errors/typosLorenzo Santina2017-09-1310-11/+10
| | | | | | | | | Fix multiple syntax errors in shelscripts (of packages only) These errors were causing many conditions to not working properly Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [increase PKG_RELEASE, drop command substitution from directip.sh] Signed-off-by: Mathias Kresin <dev@kresin.em>
* ramips: fix hg255d LED status supportDavid Yang2017-09-131-0/+1
| | | | | | | | Use the green power LED for boot status indication. Source: https://my.oschina.net/osbin/blog/278782 Para 3 Signed-off-by: David Yang <mmyangfl@gmail.com>
* basefiles: allow suid coredumpsKevin Darbyshire-Bryant2017-09-122-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set sysctl fs.suid_dumpable = 2 This allows suid processes to dump core according to kernel.core_pattern setting. LEDE typically uses suid to drop root priviledge rather than gain it but without this setting any suid process would be unable to produce coredumps (e.g. dnsmasq) Processes still need to set a non zero core file process limit ('ulimit -c unlimited' or if procd used 'procd_set_param limits core="unlimited"') in order to produce a core. This setting removes an obscure stumbling block along the way. >From https://www.kernel.org/doc/Documentation/sysctl/fs.txt suid_dumpable: This value can be used to query and set the core dump mode for setuid or otherwise protected/tainted binaries. The modes are 0 - (default) - traditional behaviour. Any process which has changed privilege levels or is execute only will not be dumped. 1 - (debug) - all processes dump core when possible. The core dump is owned by the current user and no security is applied. This is intended for system debugging situations only. Ptrace is unchecked. This is insecure as it allows regular users to examine the memory contents of privileged processes. 2 - (suidsafe) - any binary which normally would not be dumped is dumped anyway, but only if the "core_pattern" kernel sysctl is set to either a pipe handler or a fully qualified path. (For more details on this limitation, see CVE-2006-2451.) This mode is appropriate when administrators are attempting to debug problems in a normal environment, and either have a core dump pipe handler that knows to treat privileged core dumps with care, or specific directory defined for catching core dumps. If a core dump happens without a pipe handler or fully qualifid path, a message will be emitted to syslog warning about the lack of a correct setting. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* ar71xx: fix MAC addresses on TP-Link TL-WR1043ND v4Matthias Schiffer2017-09-112-2/+3
| | | | | | | | | | The addresses were read from the 'config' partition, which would not always contain the addresses at the same offsets, depending on the stock firmware version used before flashing LEDE. Change this to get the addresses from the 'product-info' partition, which is read-only. Reported-and-tested-by: Andreas Ziegler <ml@andreas-ziegler.de> Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* ramips: Add support for ZBT WE1026-5GKristian Evensen2017-09-117-1/+220
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ZBT WE1026-5G (http://www.zbtlink.com/products/router/WE1026-5G.html) is the follow-up to the ZBT WE1026 and is based on MT7620. For the previous WE1026, the ZBT WE826 image could be used. However, as the name implies, the -5G comes equipped with a 5GHz wifi radio. As the WE826 only has a 2.4GHz radio, the addition of 5GHz means that a separate image is needed for the WE1026-5G. I suspect that this image will also work on the previous WE1026, but I don't have a device to test with. The WE1026-5G has following specifications: * CPU: MT7620A * 1x 10/100Mbps Ethernet. * 16 MB Flash. * 64 MB RAM. * 1x USB 2.0 port. * 1x mini-PCIe slots. * 1x SIM slots. * 1x 2.4Ghz WIFI. * 1x 5GHz wifi (MT7612) * 1x button. * 3x controllable LEDs. Works: * Wifi. * Switch. * mini-PCIe slot. Only tested with a USB device (a modem). * SIM slot. * Sysupgrade. * Button (reset). Not working: * The 5GHz WIFI LED is completely dead. I suspect the issue is the same as on other devices with Mediatek 5Ghz wifi-cards/chips. The LED is controlled by the driver, and mt76 (currently) does not support this. Not tested: * SD card reader. Notes: * The modem (labeled 3G/4G) and power LEDs are controlled by the hardware. * There is a 32MB version of this device available, but I do not have access to it. I have therefor only added support for the 16MB version, but added all the required infrastructure to make adding support for the 32MB version easy. Installation: The router comes pre-installed with OpenWRT, including a variant of Luci. The initial firmware install can be done through this UI, following normal procedure. I.e., access the UI and update the firmware using the sysupgrade-image. Remember to select that you do not want to keep existing settings. Recovery: If you brick the device, the WE1026-5G supports recovery using HTTP. Keep the reset button pressed for ~5sec when booting to start the web server. Set the address of the network interface on your machine to 192.168.1.2/24, and point your browser to 192.168.1.1 to access the recovery UI. From the recovery UI you can upload a firmware image. Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
* ath10k: Re-enable intermediate softqueues for all devicesToke Høiland-Jørgensen2017-09-112-2/+29
| | | | | | | | | | | | The upstream ath10k driver disables the intermediate softqueues for some devices. This patch reverts that behaviour and always enables the softqueues (and associated bufferbloat fixes). We have had reports of people running this with good results: https://lists.bufferbloat.net/pipermail/make-wifi-fast/2017-September/001497.html This also refreshes mac80211 patches. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* scripts/download.pl: fail loudly if provided hash is unsupportedBaptiste Jonglez2017-09-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Currently, if the provided hash is unsupported (length different from 32 or 64 bytes), we happily download the requested file without any kind of checksum verification. This is quite dangerous and may provide a false sense of security, because a single typo in the hash (e.g. one character deleted by mistake) may skip checksum verification entirely. Instead, fail immediately if we don't support the provided hash. In particular, if an external package repository decides to change the hash algorithm one day, we will now fail loudly instead of skipping checksum verification without complaints. Note: if some users of scripts/download.pl knowingly provide an empty hash because they don't need checksum verification, this change will break them. This does not seem to be the case currently, but if this feature is ever needed, an option should be added to download.pl instead of relying on the hash being empty. Fixes: eaa4eba10a89 ("scripts/download.pl: add SHA-256 support") Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* ar71xx: Add GRO support to ag71xxRosen Penev2017-09-111-3/+3
| | | | | | On a TL-WN710N, this patch increases iperf performance from ~92.5 to ~93.5 mbps. Keep in mind the WN710N is a 100mbps device. I expect greater numbers from gigabit devices. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ramips: Change ethernet driver to use napi_complete_done.Rosen Penev2017-09-111-1/+1
| | | | | | Backport of mailine linux commit. Speeds up ethernet slightly and reduces latency. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* cns3xxx: fix GPIO controller interrupt enableTim Harvey2017-09-111-3/+3
| | | | | | | | | | | | | The cns3xxx interrupt controller uses a single register and as such the 'mask' reg/functions must be used as opposed to the 'enable'/'disable' reg/functions. This fixes an issue that occurs if more than one GPIO on a specific controller (there is GPIOA and GPIOB each having 32 GPIO's) uses interrupts. When one would get enabled all others would be disabled prior to this patch. Signed-off-by: Tim Harvey <tharvey@gateworks.com> Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: update 4.9 to 4.9.49Stijn Tintel2017-09-114-10/+8
| | | | | | | | | | Refresh patches. Compile-tested on octeon and x86/64. Runtime-tested on octeon and x86/64. Fixes CVE-2017-11600. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strace: bump to 4.19Stijn Tintel2017-09-111-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* mbedtls: update to 2.6.0 CVE-2017-14032Kevin Darbyshire-Bryant2017-09-112-28/+28
| | | | | | | | | | | | | | | Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com>
* tcpdump: bump to 4.9.2Stijn Tintel2017-09-112-37/+41
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* lldpd: bump to 0.9.8Stijn Tintel2017-09-111-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ar71xx: add metadata to wpj344 and wpj558 imagesEnrique Giraldo2017-09-101-0/+6
| | | | | | | | This adds metadata to wpj344 and wpj558 images to prevent loading firmware of wpj344 into wpj558 and vice versa. This until now was possible and break the units and had to be recovered from the uboot. Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
* ar71xx: wpj558: remove unused eth1 device and fix MAC addressEnrique Giraldo2017-09-102-11/+5
| | | | Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
* ar71xx: add support for COMFAST CF-E355ACEnrique Giraldo2017-09-1012-0/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | COMFAST CF-E355AC is a ceiling mount AP with PoE support, based on Qualcomm/Atheros QCA9531 + QCA9882. Short specification: - 2x 10/100 Mbps Ethernet, with PoE support - 64MB of RAM (DDR2) - 16 MB of FLASH - 2T2R 2.4 GHz, 802.11b/g/n - 2T2R 5 GHz, 802.11ac/n/a - built-in 4x 3 dBi antennas - output power (max): 500 mW (27 dBm) - 1x RGB LED, 1x button - built-in watchdog chipset Flash instruction: Original firmware is based on OpenWrt. Use sysupgrade image directly in vendor GUI. Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net> [whitespace fixes, ac radio caldata offset fix] Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* ar71xx: add support for GL.iNet GL-USB150Piotr Dymacz2017-09-1013-0/+121
| | | | | | | | | | | | | | | | | | | | | GL.iNet GL-USB150 is an USB dongle WiFi router, based on Atheros AR9331. Specification: - 400/400/200 MHz (CPU/DDR/AHB) - 64 MB of RAM (DDR2) - 16 MB of FLASH (SPI NOR) - Realtek RTL8152B USB to Ethernet bridge (connected with AR9331 PHY4) - 1T1R 2.4 GHz - 2x LED, 1x button - UART header on PCB Flash instruction: Vendor firmware is based on OpenWrt CC. GUI or sysupgrade can be used to flash LEDE firmware. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* hostapd: fix iapp_interface optionLorenzo Santina2017-09-101-1/+1
| | | | | | | ifname variable were not assigned due to syntax error causing the hostapd config file to have an empty iapp_interface= option Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
* lantiq: ARV7519RW22: enable PCIeJorge Amorós2017-09-101-1/+2
| | | | | | | Enable PCIe to make the (still unsupported) WAVE300 wireless visible to the system. Signed-off-by: Jorge Amorós <joramar76@yahoo.es>
* lantiq: VR200v: enable PCIVittorio Alfieri2017-09-091-0/+5
| | | | | | | Enable PCI to make the (still unsupported) WAVE300 wireless visible to the system. Signed-off-by: Vittorio Alfieri <vittorio88@gmail.com>
* ramips: Archer C50v1: support US and EU versionsThibaut VARENE2017-09-091-4/+6
| | | | | | | | | | | | | | | | | For the Archer C50v1, the EU and US versions are differentiated by their respective HW additional version (0x0 for US, 0x2 for EU). The stock web interface checks this field before flashing, making it impossible to flash the current (US) factory image on EU hardware. However the bootloader does not check this field, making it possible to use a single sysupgrade image for both hardware. This patch adds the necessary build bits to generate both EU and US factory images, and renames the target as "Archer C50v1" since there are as of now 3 different versions of Archer C50 (all with different CPUs). Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
* tools/firmware-utils: mktplinkfw2: allow parameter overrideThibaut VARENE2017-09-091-9/+7
| | | | | | This patch enables commandline override of board hw_ver and hw_ver_add Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>